Author Topic: ipsec ike1 hybrid-rsa xauth failed #4438  (Read 1508 times)

gratuxri

ipsec ike1 hybrid-rsa xauth failed #4438
« on: November 04, 2020, 11:00:12 am »
Hello, my issue at https://github.com/opnsense/core/issues/4438 was marked as support, so I am trying here now:
I followed the how-tos at https://docs.opnsense.org/manual/how-tos/ipsec-road.html and https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-ikev1xauth.html. As a result I have working ipsec ike1 hybrid-rsa xauth, but without working xauth authentication.
Here are some logs, with ${USER} and ${FQDN} replaced:
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> XAuth authentication of '${USER}' failed
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> no XAuth secret found for '${FQDN}' - '${USER}'

After adding lines like the following to /usr/local/etc/ipsec.secrets.opnsense.d/user.secrets:
[ <servername> ] <username> : XAUTH "<password>"
it works correctly.

Any ideas where it's going wrong?

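Added example, not part of any post in this thread and not OPNsense or strongSwan code: a small Python check that pulls the "no XAuth secret found" pairs out of charon log text and reports which of them still have no XAUTH line in a secrets file of the format quoted above. The log lines, secrets lines, host and user names are constructed, and the matching rule (user listed, any other selector equal to the server ID or %any) is a simplification assumed for this sketch, not strongSwan's actual lookup.

```python
import re

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = """\
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> no XAuth secret found for 'vpn.example.org' - 'alice'
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> XAuth authentication of 'alice' failed
2020-11-02T00:31:40 | charon[38591] | 09[IKE] <con1|4> no XAuth secret found for 'vpn.example.org' - 'bob'
"""
SAMPLE_SECRETS = """\
# constructed example file
vpn.example.org alice : XAUTH "constructed-password"
: RSA server.key
carol : XAUTH "constructed-password"
"""

LOG_RE = re.compile(r"no XAuth secret found for '([^']*)' - '([^']*)'")
SECRET_RE = re.compile(r"^(.*?)\s*:\s*XAUTH\s", re.IGNORECASE)

def failed_lookups(log_text):
    """Unique (server_id, user) pairs charon reported as having no secret."""
    return sorted(set(LOG_RE.findall(log_text)))

def xauth_selectors(secrets_text):
    """Selector list of every XAUTH line; the password is never captured."""
    entries = []
    for line in secrets_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = SECRET_RE.match(line)
        if match:
            entries.append(match.group(1).split())
    return entries

def is_covered(server, user, entries):
    """Simplified rule (assumption): user listed, other selectors are server or %any."""
    return any(user in sel and all(s in (server, "%any") for s in sel if s != user)
               for sel in entries)

def missing_xauth_secrets(log_text, secrets_text):
    """Pairs from the log that no XAUTH entry in the secrets text covers."""
    entries = xauth_selectors(secrets_text)
    return [(srv, usr) for srv, usr in failed_lookups(log_text)
            if not is_covered(srv, usr, entries)]

if __name__ == "__main__":
    for srv, usr in missing_xauth_secrets(SAMPLE_LOG, SAMPLE_SECRETS):
        print(f"no XAUTH entry for user {usr!r} on {srv!r}")
```

To run it against a real system, pass the charon log text and the contents of the secrets file (for example the user.secrets file named in the post) instead of the constructed samples.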
mimugmail

Re: ipsec ike1 hybrid-rsa xauth failed #4438
« Reply #1 on: November 04, 2020, 01:45:46 pm »
The compatibility matrix doesn't list any supported client, so it's not verified to work. Why do you not choose anything more compatible?
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

gratuxri

Re: ipsec ike1 hybrid-rsa xauth failed #4438
« Reply #2 on: November 06, 2020, 04:45:31 pm »
I chose this setup because every Android phone supports this without extra software, no rollout of certificates is needed, and you can just use a Let's Encrypt certificate. These 3 arguments are very important for me. And yes, I know that it's not very secure, but it's just handy.